} //Generated date $gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz); $tz = Util::get_timezone(); if ($tz == 0) { $localtime = $scantime; } else { $localtime = gmdate("YmdHis", Util::get_utc_unixtime($scantime) + 3600 * $tz); } $scanyear = substr($localtime, 0, 4); $scanmonth = substr($localtime, 4, 2); $scanday = substr($localtime, 6, 2); $scanhour = substr($localtime, 8, 2); $scanmin = substr($localtime, 10, 2); $scansec = substr($localtime, 12); $feed = exists_feed_tables($dbconn); if (!empty($ipl) && !empty($ctx)) { $query = "SELECT t2.name, t2.description\n from vuln_nessus_latest_reports res\n LEFT JOIN vuln_nessus_settings t2 on res.sid=t2.id\n where res.hostIP='{$ipl}'\n and res.ctx=UNHEX('{$ctx}')\n {$perms_where}"; $result = $dbconn->execute($query); $profile_name = $result->fields['name']; $profile_desc = $result->fields['description']; } // Create new PHPExcel object $objPHPExcel = new PHPExcel(); $dataArray = array(); // Set document properties $objPHPExcel->getProperties()->setCreator("AlienVault"); // Default font size and style alignment $objPHPExcel->getDefaultStyle()->getFont()->setSize(14); $objPHPExcel->getDefaultStyle()->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_TOP); $titles = array('font' => array('bold' => true));
die(_("Invalid Scantime")); } ossim_set_error(false); ossim_valid($scantype, OSS_ALPHA, 'illegal:' . _("Scan Type")); if (ossim_error()) { die(_("Invalid Scan Type")); } ossim_set_error(false); ossim_valid($key, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Key")); if (ossim_error()) { die(_("Invalid Key")); } // Check if exists _feed tables $query = "SELECT sid FROM vuln_nessus_reports WHERE report_id in ({$report_id})"; $profile = $dbconn->GetOne($query); $feed = $profile == "-1" && exists_feed_tables($dbconn) ? "_feed" : ""; $perms_where = Session::get_ctx_where() != "" ? " AND ctx in (" . Session::get_ctx_where() . ")" : ""; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); if ($scansubmit != "") { $query = "SELECT r.report_id FROM vuln_nessus_reports r,vuln_jobs j \n WHERE r.report_id=j.report_id AND j.scan_SUBMIT='{$scansubmit}'\n AND scantype='{$scantype}'" . (empty($arruser) ? "" : " AND r.username in ({$user})"); $result = $dbconn->execute($query); while (!$result->EOF) { list($report_id) = $result->fields; $ids[] = $report_id; $result->MoveNext(); } $report_id = implode(",", $ids); } else { $query = "SELECT report_id FROM vuln_nessus_reports WHERE report_key='{$key}' AND scantime='{$scantime}'\n AND scantype='{$scantype}' " . (empty($arruser) ? "" : " AND username in ({$user})") . " LIMIT 1"; $result = $dbconn->execute($query); list($report_id) = $result->fields;
function origdetails() { global $uroles, $user, $sid, $query_risk, $border, $report_id, $scantime, $scantype, $fp, $nfp, $filterip, $enableFP, $enableNotes, $output, $sortby, $dbconn, $arruser; global $treport, $ipl, $query_byuser, $ips_inrange, $ctx, $key; $colors = array("Serious" => "#FFCDFF", "High" => "#FFDBDB", "Medium" => "#FFF283", "Low" => "#FFFFC0", "Info" => "#FFFFE3"); $images = array("Serious" => "./images/risk1.gif", "High" => "./images/risk2.gif", "Medium" => "./images/risk3.gif", "Low" => "./images/risk6.gif", "Info" => "./images/risk7.gif"); $levels = array("Serious" => "1", "High" => "2", "Medium" => "3", "Low" => "6", "Info" => "7"); $query_host = ''; if ($filterip) { $query_host = " AND hostip='{$filterip}'"; } echo "<center>"; echo "<form>"; echo "<table width=\"900\" class=\"noborder\" style=\"background:transparent;\">"; echo "<tr><td style=\"text-align:left;\" class=\"nobborder\">"; echo "<input id=\"checkboxFP\" type=\"checkbox\" onclick=\"showFalsePositives()\"> <span style=\"color:black\">" . _("View false positives") . "</span>"; echo "</td><td class=\"nobborder\" style=\"text-align:center;\">"; // print the icon legend if ($enableFP) { echo "<img alt='True' src='images/true.gif' border=0 align='absmiddle'> - " . _("True result") . " "; echo "<img alt='False' src='images/false.png' border=0 align='absmiddle'> - " . _("False positive result") . " "; } $feed = exists_feed_tables($dbconn); echo "<img alt='Info' src='images/info.png' border=0 align='absmiddle'> - " . _("Additional information is available"); echo "</td></tr></table>"; echo "</form>"; echo "<br>"; $perms_where = Session::get_ctx_where() != "" ? " AND res.ctx in (" . Session::get_ctx_where() . ")" : ""; if ($ipl == "all") { $query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res\n where falsepositive='N' \n {$perms_where}\n {$query_byuser}"; } else { if (!empty($ipl) && !empty($ctx)) { $query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res\n where falsepositive='N' \n and res.hostIP='{$ipl}'\n and res.ctx=UNHEX('{$ctx}')\n {$perms_where}\n {$query_byuser}"; } else { if (!empty($scantime) && !empty($key)) { $query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res, vuln_nessus_latest_reports rep\n where res.falsepositive='N'\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n {$perms_where}\n and rep.report_key='{$key}' {$query_byuser}"; } } } $resultp = $dbconn->execute($query); $host_range = array_keys($ips_inrange); while (list($hostip, $hostctx) = $resultp->fields) { $host_id = key(Asset_host::get_id_by_ips($dbconn, $hostip, $hostctx)); if (valid_hex32($host_id)) { $hostname = Asset_host::get_name_by_id($dbconn, $host_id); } else { $hostname = _('unknown'); } if (in_array($hostip . ";" . $hostctx, $host_range)) { echo "<div class='hostip'>"; echo "<br><font color='red'><b><a name='{$hostip};{$hostctx}' href='javascript:;' ctx='{$hostctx}' id='{$hostip};{$hostname}' class='HostReportMenu'>{$hostip} - {$hostname}</a></b></font>"; echo "<br><br><table summary=\"{$hostip} - " . _("Reported Ports") . "\">"; echo "<tr><th colspan=2>" . _("Reported Ports") . "</th></tr>"; if (!empty($scantime) && !empty($key)) { $query = "select distinct res.port, res.protocol\n from vuln_nessus_latest_results res, vuln_nessus_latest_reports rep\n where res.falsepositive='N'\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx='{$hostctx}'\n and rep.report_key='{$key}' {$query_byuser}) as t group by risk"; } else { $query = "select distinct res.port, res.protocol\n from vuln_nessus_latest_results res \n where hostip='{$hostip}' and ctx=UNHEX('{$hostctx}') {$query_byuser} AND port > '0' ORDER BY port ASC"; } $result1 = $dbconn->execute($query); $k = 1; $pos = ''; if (!$result1->fields) { print "<tr><td>" . _("No reported ports found") . "</td></tr>"; } else { while (list($port, $proto) = $result1->fields) { if ($k % 2) { echo "<tr><td>{$port}/{$proto}</td>"; $pos = "open"; } else { echo "<td>{$port}/{$proto}</td></tr>"; $pos = "closed"; } $k++; $result1->MoveNext(); } // end while // close up the table if ($pos != "closed") { echo "<td> </td></tr>"; } } echo "</table><br/>"; echo "<table width='900' summary='{$hostip} - risks'><tr>"; echo "<th>" . _("Vuln Name") . "</th>"; echo "<th>" . _("VulnID") . "</th>"; echo "<th>" . _("Service") . "</th>"; echo "<th>" . _("Severity") . "</th>"; echo "</tr>"; if (!empty($scantime) && !empty($key)) { if ($feed) { $query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' and rep.sid>=0 {$query_byuser}\n UNION DISTINCT\n select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins_feed AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' and rep.sid<0 {$query_byuser}\n "; } else { $query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' {$query_byuser}"; } } else { if ($feed) { $query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>'' and rep.sid>=0\n UNION DISTINCT\n select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins_feed AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>'' and rep.sid<0"; } else { $query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>''"; } } $query .= " group by risk, port, protocol, app, scriptid, msg order by risk"; $result1 = $dbconn->execute($query); $arrResults = array(); while (list($result_id, $service, $risk, $falsepositive, $scriptid, $pname, $msg, $sid) = $result1->fields) { $tmpport1 = preg_split("/\\(|\\)/", $service); if (sizeof($tmpport1) == 1) { $tmpport1[1] = $tmpport1[0]; } $tmpport2 = preg_split("/\\//", $tmpport1[1]); $service_num = $tmpport2[0]; $service_proto = $tmpport2[1]; $arrResults[] = array($service_num, $service_proto, $service, $risk, $falsepositive, $result_id, $msg, $scriptid, $pname, $sid); $result1->MoveNext(); } if (empty($arrResults)) { // empty, print out message echo "<tr><td colspan='4'>" . _("No vulnerability results matching this reports filtering criteria were found") . ".</td></tr>"; } foreach ($arrResults as $arrkey => $value) { list($service_num, $service_proto, $service, $risk, $falsepositive, $resid, $msg, $scriptid, $pname, $sid) = $value; $msg = preg_replace("/^[ \t]*/", "", $msg); $cves_found = ""; if (preg_match_all("/CVE\\-\\d+\\-\\d+/i", $msg, $found)) { $cves_found = implode(" ", $found[0]); } $msg = preg_replace("/[\n\r]/", "<br>", $msg); $msg = wordwrap($msg, 100, "<br>", 1); $tmprisk = getrisk($risk); $msg = preg_replace("/^\\<br\\>/i", "", str_replace("\\r", "", $msg)); $msg = preg_replace("/(Solution|Summary|Details|Overview|Synopsis|Description|See also|Plugin output|References|Vulnerability Insight|Vulnerability Detection|Impact|Impact Level|Affected Software\\/OS|Fix|Information about this scan)\\s*:/", "<b>\\1:</b>", $msg); // output the table cells $ancla = $hostip . "_" . $hostctx . "_" . $levels[$tmprisk]; $pname = $pname != "" ? $pname : _("No name"); echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">"; //echo "<tr>"; echo "<td width=\"50%\" style=\"padding:3px 0px 3px 0px;\"><b>" . $pname . "</b></td>"; echo "<td style=\"padding:3px 0px 3px 0px;\">{$scriptid}</td>"; ?> <td style="padding:3px;" width="180"><?php echo $service; ?> </td> <td style="text-align:center;"> <?php echo $tmprisk; ?> <img align="absmiddle" src="<?php echo $images[$tmprisk]; ?> " style="border: 1px solid ; width: 25px; height: 10px;"> </td> </tr> <?php echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">"; ?> <td style="padding:3px 0px 3px 6px;text-align:left;"> <a class="msg" name="<?php echo $resid; ?> "></a> <a name="<?php echo $ancla; ?> "></a> <?php echo $msg; ?> <font size="1"> <br><br> </font> <?php if ($cves_found != '') { ?> <a title="<?php echo _("Info from cve.mitre.org"); ?> " target="cve_mitre_org" href="http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=<?php echo urlencode($cves_found); ?> "><img src="images/cve_mitre.png" border='0'></a> <!--Add link to popup with Script Info--> <?php } if ($scriptid != "0") { ?> <!--Add link to popup with Script Info--> <div lid="<?php echo $scriptid; ?> " style="text-decoration:none;display:inline" class="scriptinfo"><img alt="Info" src="images/info.png" border=0></div> <?php } $tmpu = array(); $url = ""; foreach ($_GET as $kget => $vget) { if ($kget != "pluginid" && $kget != "nfp" && $kget != "fp") { $tmpu[] = Util::htmlentities($kget) . "=" . urlencode($vget); } } $url = implode("&", $tmpu); if ($falsepositive == "Y") { ?> <a href="<?php echo $_SERVER['SCRIPT_NAME'] . '?' . $url; ?> &nfp=<?php echo $resid; ?> "> <img alt="<?php echo _("Clear false positive"); ?> " src='images/false.png' title='<?php echo _("Clear false positive"); ?> ' border='0' /> </a> <?php } else { ?> <a href="<?php echo $_SERVER['SCRIPT_NAME'] . '?' . $url; ?> &fp=<?php echo $resid; ?> "> <img alt="<?php echo _("Mark as false positive"); ?> " src='images/true.gif' title='<?php echo _("Mark as false positive"); ?> ' border='0' /> </a> <?php } $pticket = "ref=Vulnerability&title=" . urlencode($pname) . "&priority=1&ip=" . urlencode($hostip) . "&port=" . urlencode($service_num) . "&nessus_id=" . urlencode($scriptid) . "&risk=" . urlencode($tmprisk) . "&type=" . urlencode("Nessus Vulnerability"); echo "<a title=\"" . _("New ticket") . "\" class=\"greybox\" href=\"../incidents/newincident.php?{$pticket}\"><img style=\"padding-bottom:2px;\" src=\"../pixmaps/script--pencil.png\" border=\"0\" alt=\"i\" width=\"12\"></a> "; ?> </td> <?php if ($sid < 0) { $plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins_feed t1\n LEFT JOIN vuln_nessus_family_feed t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category_feed t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'"); } else { $plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins t1\n LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'"); } list($pfamily, $pcategory, $pcopyright, $psummary, $pversion) = $plugin_info->fields; ?> <td colspan="3" valign="top" style="text-align:left;padding:3px;"> <?php $plugindetails = ''; if ($pfamily != '') { $plugindetails .= '<b>Family name:</b> ' . $pfamily . '<br><br>'; } if ($pcategory != '') { $plugindetails .= '<b>Category:</b> ' . $pcategory . '<br><br>'; } if ($pcopyright != '') { $plugindetails .= '<b>Copyright:</b> ' . $pcopyright . '<br><br>'; } if ($psummary != '') { $plugindetails .= '<b>Summary:</b> ' . $psummary . '<br><br>'; } if ($pversion != '') { $plugindetails .= '<b>Version:</b> ' . $pversion . '<br><br>'; } echo $plugindetails; ?> </td> </tr> <?php $result1->MoveNext(); } echo "</table>"; echo "</div>"; } $resultp->MoveNext(); } echo "</center>"; }